A significant development in transatlantic data flows is the establishment of the EU-US Data Privacy Framework (DPF), which entered into force in 2023 . This framework replaces the earlier Privacy Shield, which was invalidated by the Court of Justice in the Schrems II judgment. Under the DPF, US companies can self-certify their compliance with a set of privacy principles, which are designed to provide a level of protection for personal data transferred from the EU that is essentially equivalent to that within the EU. The framework includes new safeguards to address the concerns raised by the court, particularly regarding the proportionality of US intelligence surveillance activities . It also establishes a new mechanism for EU individuals to seek redress if they believe their data has been unlawfully targeted by US intelligence agencies . The DPF is a crucial mechanism for thousands of companies on both sides of the Atlantic that rely on seamless data flows for their daily operations.